ISE host name and AD joining

January 21, 2012

Recently we tried to join a Cisco ISE instance to Active Directory without success. The problem seemed to be because of the length of the ISE host name. Even though the system supports host names up to 19 characters long, we couldn’t add the ISE to AD until we shortened the name to be maximum [...]

Stuck with an auth-proxy task

January 3, 2012

Hello, I am currently working on a task (INE CCIE Security WB 1 Task 2.9) where I am supposed to configure a RADIUS-based IOS auth-proxy. The task is this: Configure Authentication Proxy settings on R3 per the following requirements. Use the RADIUS server at 10.0.0.100 with the authentication key CISCO. The authentication proxy should [...]

WLC2100 and ASA 5505 use the same hardware. Can they be converted?

October 9, 2011

I wonder if one can convert a Cisco Wireless Controller 2106 into an ASA 5505 or vice versa. It seems to be the same hardware. Does anyone know if there are any burned-in differences, or is it just a matter of replacing the software? I will try to swap the CF-card in an ASA5505 [...]

Strange Win7 behavior with AnyConnect and IPv6

September 13, 2011

I think Windows 7 behaves strangely with AnyConnect and IPv6. I have recently been doing a lot of IPv6 configurations and as part of that I tried out the IPv6 support in the Cisco AnyConnect client. While doing that I found a lack of functionality when it comes to IPv6 in combination with Windows 7 and [...]

Cisco ASA memory Upgrade

September 11, 2011

Newer versions of Cisco ASA require more memory. Running AnyConnect with multiple platform support requires more flash memory than is built in. There are memory upgrades available for purchase from cisco.com which I highly recommend. However, for lab purposes any DDR memory and CompactFlash card will do. Have a look in my lab gear. First, an ASA5505. On [...]

Private IPv4 addresses as a security reason not to convert to IPv6?

June 13, 2011

A while ago I got into a discussion with one of my customers regarding IPv6. He told me that one reason not to migrate to IPv6 was for security. – I don't want to tell the entire world what IP addresses I have on my servers. And when using IPv4 and NAT my internal ip [...]

Another missing ASA-feature: telnet and ssh client

April 26, 2011

Every single decent Cisco device on earth has the ability to make a CLI user jump to another device with telnet or ssh. Except the ASA. I really wish that this feature could be added. Right now I am troubleshooting a firewall and from where I am right now the only way in is to SSH to [...]

Missing feature: Cisco ASA DHCP static leases

April 18, 2011

Cisco ASA has a built-in DHCP server that can come in handy in some situations. Corporate deployments almost certainly contain one or more servers, and especially when it comes to Windows networks I wouldn’t recommend anything other than a proper server-based DHCP server. In smaller implementations, however, the youngest sibling in the ASA family, the 5505, is often the [...]

ASA-generated traffic – part 2

April 18, 2011

In my previous post I successfully made ASA-generated traffic go into a VPN tunnel. The catch with that was that the traffic (in my case: RADIUS) was sourced from the interface closest to the destination (outside) and I had to add that traffic to my crypto access-list to make it into the tunnel. This case [...]

ASA-generated traffic thru Lan2Lan-tunnel?

April 15, 2011

Recently I got a request from a Cisco ASA customer who wanted to authenticate VPN users with a remote RADIUS server. Using RADIUS is a piece of cake, but those of us who have been working with Cisco PIX/ASA for a while know that traffic to/from the box is not nearly treated the same way as traffic going [...]
